New For More Information: N-Series DATA CENTER SOLUTIONS N-Series... · 2016. 7. 19. ·...

Product OverviewThe Enterasys N-Series flow-based switches offer the industry’s most granular visibility and control of individual users and voice/video/data applications. Capable of being deployed as a premium edge access device, distribution layer aggregation switch, enterprise-class core router, or data center server farm solution, the N-Series is the flagship hardware platform for the policy-based Secure Networks™ architecture. Policies ensure only the right users have access to the right information from the right place at the right time — adapting automatically every time there is a move, add, or change.

N-Series switches are available in the following form factors:

• Standaloneforsmallerwiringclosets

• 1-SlotchassisprovidingfullDistributedForwardingEngine(DFE)connectivity

• 3-Slotofferingover200portsofconnectivity

• 5-SlotoptimizedforPoEdeploymentswhileofferingover350ports

• 7-Slotofferingover500portsofconnectivity

AlloftheN-SeriesofferingsleveragetheEnterasysDFEarchitecturewherebytheswitching,routing, and management control functions are embedded in each module, delivering unsurpassed reliability, scalability, and fault tolerance. Customers can quickly and cost-effectively add connectivityasneededwhilescalingperformancecapacitywitheachnewblade.TheDFEhigh-availability architecture makes forwarding decisions, enforces security policies, and classifies/prioritizestraffic.DFEsensurethehighestQualityofService(QoS)forcriticalapplicationssuchasvoiceevenduringperiodsofover-subscription—whileproactivelypreventingDenialofService(DoS)attacks.

Optimized for edge, distribution, core, and data center deployments

Industry-leading technology lifecycle improves ROI and lowers TCO

Granular visibility and control of users and voice/video/data applications

Flow-based architecture optimized for iSCSI and Server Virtualization

Unique Distributed Forwarding Engine architecture assures business continuity for mission-critical applications

Point-to-point backplane architecture provides up to 1.68 Terabits of switching capacity

N-SeriesConvergence-ready,10GEModularL2/L3/L4SwitchforEdge-to-CoreandDataCenter

DATASHEET

There is nothing more important than our customers.

BenefitsBusiness Alignment• Standards-based,openarchitecture

for reliable and secure deployment of next generation business-critical applications

• Best-in-classQoSfunctionalityensuresreliable and predictable performance for convergence-based applications plus integrated support for standards-based Power over Ethernet (PoE)

• N-Seriesflow-basedarchitecturedelivers end-to-end visibility and control over users, services, and applications ensuring consistent end-user experience 24x7x365

Operational Efficiency• LowestTCOforanyproductinitsclass,

featuring a 10-year chassis life with guaranteed backward compatibility plus continued performance and density enhancements to meet future enterprise networking requirements

• Deploymentflexibilitysignificantlydrives down maintenance costs and simplifies management

• Lowestpowerconsumptionandthermal output BTU/Hour drives down data center power and cooling costs

Security• Unrivalledcapabilitytoprotect

business traffic from malicious attacks and maintain data integrity and application delivery

• Edgesecurityextendedtoexistingswitches and wireless access points allows authentication of thousands of users or devices simultaneously on a single port

• Integratednetworkaccesscontrol(NAC)andintrusiondetection&prevention (IDS/IPS) via Enterasys Security Modules

Support and Services• Industry-leadingcustomersatisfaction

and first call resolution rates

• Personalizedservices,includingsitesurveys, network design, installation, and training

DATA CENTER SOLUTIONS

For More Information:(866) [email protected]

The N Stand Alone(NSA)solutionprovidesapremiumedgeswitchfor smaller wiring closets or data center server clusters. This product provides48-portsof10/100/1000connectivityplusfourmodularGigabituplinkports(SFP).Itisa2RUstandaloneswitchthatsupportsallN-SeriesPlatinumDFEfeaturesandincludesredundantAC power supplies.

N1 System Bundles–Two24port,triplespeedfixedconfigurationN1solutionbundlesprovidecosteffective,advancedfunctionalitysolutions for smaller wiring closet or data center applications. One bundleincorporatesmodularGigabitEthernetuplinksupport.

Unlikecompetingsolutions,theN-Seriesimplementsagranular,flow-basedarchitecturetointelligentlymanageindividualuserandapplicationconversations—notjustportsorVLANs.Policyrules combined with deep packet inspection can intelligently sense and automatically respond to securitythreatswhileimprovingreliabilityandqualityoftheuserexperience.NetFlowdatacanbe collected at wire-speed without sacrificing performance or requiring sampling techniques. The N-Series is also the only enterprise switch to support multi-user, multi-method authentication on every port — absolutely essential when you have phones, computers, printers, copiers, security cameras, and badge readers on the network. When security matters, there is no better choice than the Enterasys N-Series.

System Summary

Multiple Platforms to Fit Any EnvironmentThe Enterasys N-Series family of flow-based switches bring high-performance distributed switching to the wiring closet, distribution layer, enterprise core, and data center. The N-Series portfolio consistsofthe7-slotN7,5-slotN5,3-slotN3,andthe1-slotN1chassisofferingsthatacceptDiamond,Platinum,andGoldDFEbladesandNetworkExpansionModules.Deliveringsomeofthe highest switching port densities available in the market today and scaling to provide overall systemcapacitiesof1.68Terabits,allchassissupportstandards-basedPoE,eitherviaanexternalpowershelforasafullyintegratedpowersystemintheN5.DistributedForwardingEnginescanbe installed in any chassis and their innovative design dramatically reduces startup costs since there is no need to purchase additional components such as supervisor engines, router modules, or managementmodules.TheN-Seriesdeliversnextgenerationperformancewith10GigabitEthernetuplinks and aggregation.

N1 N3 N5 N7

DFE Module Slots 1 3 5 7

Switching Throughput 13.5 Mpps 40.5 Mpps 67.5 Mpps 94.5 Mpps

Total Backplane Capacity 80 Gbps 240 Gbps 800 Gbps 1.68 Tbps

10/100 ports per system 72 216 360 504

100 Base-FX ports per system

54 162 270 378

10/100/1000 ports per system

72 216 360 504

10/100/1000 PoE ports per system

48 144 360 336

1000 Base-X ports per system

24 72 120 168

10 Gigabit ports per system 4 12 20 28

Distributed Forwarding Engines (DFEs)TheN-SeriesDistributedForwardingEngines(DFEs)supportover18Gbpsofswitchcapacityperbladeanddeliverfullydistributedswitch management and route processing capabilities, where each interface module is individually driven and managed by on-board processors.Enterasysflow-basednTERAASICs,togetherwithfirmwaremicroprocessors, create a traffic control solution that delivers high performanceandflexibility.ThisdistributedASIC-basedarchitectureincreases processing power as modules are added for a higher level of scalability at significantly smaller startup costs than competing solutions whicharetypicallybuiltaroundcentralizedswitchfabricsandsupervisormanagement modules.

DFEsareavailableinawidearrayofinterfacetypestoaddressvariednetworkrequirementsincluding10/100Base-TX,10/100/1000Base-TX,100Base-FX,1000Base-X,and10-GigabitEthernet.SelectedDFEmodulesarealsoavailablewithintegratedPoE.SomeDFEsprovideanaddedlevelofflexibilitybyincludingNetworkExpansionModule(NEM)slots.Thisfurthersimplifiesnetworkdesignandreducesthecostofnetworkdeployments.CurrentNetworkExpansionModules(NEMs)includesupportfortheN-SeriesSecurityModule,N-SeriesWirelessController,six1000Base-Xports,and10GigabitEthernetconnectivity.

Inadditiontoprovidingportexpansion,NetworkExpansionModulesallow enterprises to integrate security applications, including the award-winningEnterasysIntrusionPreventiontechnology,directlyintotheN-SerieschassiswiththeN-SeriesSecurityModule.TheN-SeriesSecurityModuleisanopen,all-purposeprocessorthatprovidesthe capability to add applications directly into the network switch infrastructure.

DFEsaredesignedforimplementationfordifferentpositionswithinnetwork infrastructures, offering differentiated features and price points.

DiamondDFEshavebeenoptimizedforlarge-scale,multi-userpolicydeployments in data center server farms and at the distribution and core layersofthenetwork.DiamondDFEssupportthefullrangeofSecureNetworksfeatures,includingadvancedQualityofService(QoS)andper-usertrafficratelimiting.Availablein10/100/1000,1000Base-X,and10Gigabitconfigurations;DiamondDFE’sincludeadditionalprocessingpower,memory,policycapacityexpansion,andadvancedroutinglicensesfor medium to large enterprise backbone and distribution-layer routing applications.

PlatinumDFEssupportthefullrangeofSecureNetworksfeatures,butare primarily designed for deployment in access and distribution roles, withsupportforupto1000downstreamusers/devicesonasingleport(2000perchassis)withfulldistributedfault-tolerancecapabilities.Theadvancedroutinglicense(N-EOS-L3)andper-portpolicycapacitylicense(N-EOS-PPC)canbepurchasedinordertoprovidesimilarmulti-userauthenticationandroutingscalabilityastheDiamondDFEs.PlatinumDFEsprovideabroadrangeofEthernetconnectivityrangingfrom10/100to10GigabitEthernet,includingsupportforPoweroverEthernet.GoldDFEsaredesignedspecificallyforhigh-density,10/100,10/100/1000,and100FXnetworkedge/accessapplications,withoptions for Power over Ethernet.

GoldDFEsdeliverscalableperformanceandflexibilitytoensurecomprehensiveswitching,QoS,security,andbandwidthcontrol,providing a more cost-effective option for customers deploying flow-based switchingattheedgeofthenetwork.GoldDFEssupporttwouniqueusersperport(typicallyaworkstationandaVoIPhandset)incontrasttoPlatinumandDiamondwhichsupportupto1,000users/devicesperport.Throughanoptionalsoftwareupgrade(N-EOS-RED),GoldDFEmodulescansupport1+1redundancyformission-criticalnetworkapplications.

High-Performance Distributed ArchitectureThe N-Series was designed from inception to support high availability environments.TheN-Seriesbackplaneisapoint-to-pointmatrixdesignwith fully meshed inter-switch links that provide increased scalability and performance. Since there are no active backplane components, there is nosinglepointoffailure.Theinter-switchlinkscansupportupto80Gbpsofswitchingcapacityperlink.Totalsystemaggregateswitchingcapacityscalesto1.68Tbps.

The N-Series unique distributed architecture provides considerable advantages when compared to solutions that rely on centralised processing modules:

• N+6High-availability

• Performancescalesasmodulesareadded

• Inherentbackwardscompatibilityandfuture-proofingprovidesmarketleadingReturnonInvestment(ROI)

• Scalability:PortDensityandPerformance

• LowLatency:Eachmodulehasaconnectiontoeveryothermodule

• Modulesareautomaticallyupgradedandconfiguredastheyareplugged into the system

Fully Distributed Passive Backplane

ArchitecturalOverview

Enabling Secure NetworksAn integral part of the Secure Networks architecture from Enterasys, the N-Series provides advanced security, priority, and bandwidth control mechanisms without compromising network performance. Secure Networks leverages the distributed, flow-based visibility and advanced policy-based control of the N-Series.

NetFlow Without CompromiseNetworkperformancemanagementandsecuritycapabilitiesviaNetFlowareavailableoneveryN-SeriesDFEwithoutslowingdownswitching/routingperformanceorrequiringthepurchaseofexpensivedaughtercards for every blade. Enterasys tracks every packet in every flow as opposed to competitor’s statistical sampling techniques.

The N-Series’ distributed, flow-based architecture allows for a very granular level of visibility and control for each user and application conversation, or flow, while simultaneously handling a large volume of traffic. The distributed architecture enables each switch module in a N-Series chassis to function independently of other modules and eliminates single points of failure. Each chassis is managed as a single systemusingasingleIPaddress.Thiscapabilityisuniqueintheindustryand provides security and management automation.

Distributed, Flow-Based ArchitectureInordertoensurethatgranularvisibilityandcontroloftrafficismaintained, without sacrificing performance, the N-Series deploys a distributed, flow-based architecture. This architecture ensures that when a specific communications flow is being established between two end points, the first packets in that communication are processed through themulti-layerclassificationengineintheswitch.Inthisprocess,therole is identified, the applicable policies are determined, the frames are inspected, and the action is determined. After the flow is identified, all subsequent frames associated with that flow are automatically handled in ASICswithoutanyfurtherprocessing.Ifthatflowweretochangeinanyway, a new flow would be identified and new policies would be applied. InthiswaytheN-Seriesisabletoapplyaverygranularlevelofcontroltoeach flow without sacrificing performance.

Multi-User Authentication and PolicyAuthenticationallowsenterpriseorganizationstocontrolnetworkaccessandprovidesmobilitytousersanddevices.Itprovidesawaytoknowwho or what is connected to the network and where this connection is at any time. The N-Series has unique, market-leading capabilities regarding thetypesofsimultaneousauthenticationmethods.DFEscansupportmultipleconcurrentauthenticationtechniques,including802.1Xauthentication;MACauthentication,whichisawaytoauthenticatedevicesonthenetworkusingtheMACaddress;andWeb-Basedauthentication,alsoknownasPortWebAuthentication(PWA),whereauser name and password are supplied through a browser. This capability providesgreatflexibilitytoenterpriseslookingtoimplementaccesscontrol mechanisms across their infrastructure.

Distribution

Enables simplified user/deviceidentification within a

Secure Network™

User authenticated/access and application control enforced here –

up to 1024 users per port

Edge

User physicallyconnected here

Features

A significant additional feature of the N-Series is the capability to supportMulti-UserAuthentication,thismeansthatmultipleusers/devices can be connected to the same physical port, and that each one can be authenticated individually using one of the multi-method options (802.1x,MAC,orPWA).

Thevalueexistsintheabilitytoauthorizemultipleusers,eitherusingdynamicpolicyorVLANassignmentforeachauthenticateduser.Inthecaseofdynamicpolicy,thisiscalledMulti-UserPolicy.

Multi-userportcapacitieswiththeN-Seriesaredeterminedonaperport,perDFE,andpermulti-slotsystembasis.DefaultPlatinumDFEcapacities are as follows:

Perport:8-128 Perblade(DFE):1024 Perchassis:1024

Itispossibletoincreasethesecapacitiesbypurchasingadditionallicences. The N-EOS-PPC license increases user port capacity on a per DFEbasisfromthedefaultcapacityof8-128toamaximumof1024.Whenpresent,theN-EOS-PUCupgradelicensesetsthechassiscapacityat2048userspersystem,thisvaluecanbeoverriddenusingaCLIcommandsettingthemaximumof2048users/port.N-EOS-PPCandN-EOS-PUCarenotavailableforGoldDFEsandareanoptionalpurchaseforPlatinumDFEs.DiamondDFEsincludeN-EOS-PPC.

Muti-userauthenticationandpolicycanprovidesignificantbenefitstocustomersbyextendingsecurityservicestousersanddevicesconnectedto unmanaged devices, third party switches/routers, VPN concentrators, orwirelessLANaccesspointsattheedgeoftheirnetwork.Security, priority,andbandwidthcontrolareenhancedwhileprotectingexistingnetwork investments.

Dynamic, Flow-Based Packet ClassificationAnother unique feature that separates the N-Series from all competitive switchesisthecapabilitytoprovideUser-BasedMulti-layerPacketClassification/QoS.Withthewidearrayofnetworkapplicationsusedonnetworkstoday,traditionalMulti-layerPacketClassificationbyitselfisnotenough to guarantee the timely transport of business-critical applications. IntheN-Series,User-BasedMulti-layerPacketClassificationallowstraffic classification not just by packet type, but also by the role of the useronthenetworkandtheassignedpolicyofthatuser.WithUser-BasedMulti-layerPacketClassification,packetscanbeclassifiedbasedonuniqueidentifierslike“AllUsers”,“UserGroups”,and“IndividualUser”,thusensuringamoregranularapproachtomanagingand maintaining network confidentiality, integrity, and availability.

Layer 2• MAC Address• EtherType (IP, IPX, AppleTalk, etc.)

Layer 3• IP Address• IP Protocol (TCP, UDP, etc.)• ToS

Layer 4• TCP/UDP port (HTTP, SAP, Kazza, etc.)

Sw

itch

Por

tV

LAN

Use

rF

low

Deny

Priority/QoS

Rate Limit

Permit

Contain

N-Series

Access Control

Class of Service

User-Based Multi-layer Packet Classification/QoS

Integrated Services Design

IntegratedServicesDesignisakeydifferentiatorthatseparatestheN-SeriesDFEfromthecompetition.IntegratedServicesDesignreducesthe number and type of modules required to build typical wiring closet configurations,simplifyingtheoverallnetworkdesign.Inturn,thissignificantlyreducesthemaintenanceandsparingcostaseachDFEcanperform all of these services unlike competitive offerings which have a plethora of different line cards required in order to provide similar services.

Per DFE Integrated Services Design

Multi-layer packet classification - enables the delivery of critical applications to specific users via traffic awareness and control

• User,Port,andDeviceLevel(Layer2through4packetclassification)

• QoSmappingtopriorityqueues(802.1p&IPToS/DSCP)upto16queues per port

• Multiplequeuingmechanisms(WFQ,WRR,etc.)

• GranularQoS/ratelimiting

• VLAN-to-policymapping

Switching/VLAN services - provides high-performance connectivity, aggregation, and rapid recovery services

• Extensiveindustrystandardscompliance(IEEEandIETF)

• Inboundandoutboundbandwidthratecontrolperflow

• VLANservicessupport

−Linkaggregation(IEEE802.3ad),32trunksperN-Serieswithnolimittothenumberofportspertrunk;trunkscanspanDFEs

−Multiplespanningtrees(IEEE802.1s)

−Rapidreconfigurationofspanningtree(IEEE802.1w)

•Flowsetupthrottling

Feature Summary

Distributed IP Routing-providesdynamictrafficoptimization,broadcastcontainment, and more efficient network resilience

• Baseroutingfeaturesincludestaticroutes,RIPv1/RIPv2,VRRP,IPv4,andMulticastroutingsupport(DVMRP,IGMPv1/v2,PIM-SM)

• AdvancedroutingfeaturesarelicensedseparatelythroughthepurchaseofN-EOS-L3andincludeLSNAT,DHCPrelay,PIM,OSPF,DVMRP,andExtendedACLs.DiamondDFEsincludeadvancedrouting at no additional charge.

Security (User, Network, and Host) - protects a business against network misuse and controls access to resources and confidential information

• Usersecurity

−Authentication(802.1X,MAC,andWeb),MAC(StaticandDynamic)portlocking(perport802.1XauthenticationwithRADIUSsupport)

−Multi-userauthentication/policies

•Networksecurity

−AccessControlLists(ACL)–basicandextended

−Policy-basedsecurityservices(examples:spoofing,unsupportedprotocolaccess,intrusionprevention,DoSattackslimits)

•Host

−SecureaccesstotheN-SeriesviaSSH,SSL,SNMPv3(switchloginwithRADIUSsupport)

Management,Control,andAnalysis-providestreamlinedtoolsformaintaining network availability and health

•Configuration

−Industry-standardCLIandwebsupport

−Multipleimageswitheditableconfigurationfiles

•NetworkAnalysis

−SNMPv1/v2c/v3,RMON/RMONII,andSMON(rfc2613)VLANandStats

−Port/VLANmirroring(one-to-one,one-to-many,many-to-many)

−LinerateNetFlow

•Automatedset-upandreconfiguration

−ReplacementDFEwillautomaticallyinheritpreviousDFEsconfiguration

– New blades added to chassis will automatically be updated with active configuration and firmware

Optimized, High-Availability ServicesAside from the standard high-availability features of typical wiring closet and data center switches, the N-Series includes many advanced features such as dynamic service fail-over, automatic module self-configuration, and multi-image support.

Dynamicservicefail-overenableseachDiamond/PlatinumDFEservice(e.g.,hostmanagement,switching/VLANs,routing,etc.)tobeautomaticallyswitchedtoanotherDiamond/PlatinumDFEinaneventofmoduleorprocessfailure.This“selfhealing”capabilityhappensinmillisecondsbecauseeachserviceisreplicatedoneveryDiamond/PlatinumDFE.

Automatic module self-configuration is another innovative feature that allowsaDFEmoduletoreceivetheirconfigurationfromotherDFEsautomatically. This is ideal for replacing failed modules without manually reconfiguringthereplacementDFE.

The N-series allow you to download and store multiple image files, this feature is useful for reverting back to a previous version in the event that a firmware upgrade fails. This multi-image support provides significant operational efficiencies especially with regard to the application of firmware patches.

Feature-Rich FunctionalityExamplesofadditionalfunctionalityandfeaturesthatcanbefoundwithin the N-Series include:

• NetFlow

• LSNAT

• NAT

• LLDP-MED

• FlowSetupThrottling

• WebCacheRedirect

• Node&AliasLocation

• WebCacheRedirect

• PortProtectionSuite

Toexpandonsomeoftheabove,networkperformancemanagementandsecuritycapabilitiesviaNetFlowareavailableoneveryN-SeriesDFEwithout slowing down switching/routing performance or requiring the purchaseofexpensivedaughtercardsforeveryblade.Enterasystracksevery packet in every flow as opposed to competitor’s statistical sampling techniques.TheEnterasysadvantageisthenTERAASICcapabilitiesthatcollectNetFlowstatisticsforeverypacketineveryflowwithoutsacrificingperformance,N-Seriesswitchescancollect9,000flowrecordspersecond,perbladeonGold,Platinum,andDiamondDFEs

ThisisanorderofmagnitudegreaterNetFlowcollectionperformancethananyotherNetFlowappliancevendor(over60,000flowrecordspersecondinafully-populatedchassis).

FlowSetupThrottling(FST)isaproactivefeaturedesignedtomitigatezero-daythreatsandDenialofService(DoS)attacksbeforetheycanwreakhavoconthenetwork.FSTdirectlycombatstheeffectsofzero-dayandDoSattacksbylimitingthenumberofneworestablishedflowsthat can be programmed on any individual switch port. This is achieved bymonitoringthenewflowarrivalrateand/orcontrollingthemaximumnumber of allowable flows.

Innetworkoperations,itisverytimeconsumingtolocateadeviceorfindexactlywhereauserisconnected.Thisisespeciallyimportantwhenreactingtosecuritybreaches.TheN-SeriesDFEsautomaticallytrackthenetwork’s user/device location information by listening to the network traffic as it passes through the switch. This information is then used to populate the Node/Alias table with information such as an end-station’s (Node’s)MACaddressandLayer3aliasinformation(IPAddress,IPXAddress,etc).ThisinformationcanthenbeutilizedbynetworkmanagementtoolstoquicklydeterminethatIPAddress123.145.2.23islocatedonswitch5port3andintheeventofasecuritybreachtake

some form of action against that device. This node and alias functionality isuniquetoEnterasysandreducesthetimetopinpointtheexactlocation of a problem from hours to minutes.

FororganizationslookingtodeployVoiceoverIP(VoIP)technologiesthe N-Series provides significant capabilities through its support fortheindustrystandarddiscoveryprotocolLLDP-MED(LinkLayerDiscoveryProtocolforMediaEndpointDevices).Thisprotocolallowsfor the accurate representation of network topologies within Network ManagementSystems(NMS),N-Seriesswitchesareabletolearnaboutall the devices connected to them understanding whether or not they areaVoIPphone,tellthephonewhichVLANtouseforvoice,andevennegotiatethepowerthatthephonecanconsume.LLDP–MEDalsoenables911emergencyserviceslocationfunctionswherebythelocationof a phone can be determined by the switch port to which it is connected.

N-SeriessupportforNetworkAddressTranslation(NAT)providesapracticalsolutionfororganizationswhowishtostreamlinetheirIPaddressing schemes. NAT operates on a router connecting two networks, simplifyingnetworkdesignandconservingIPaddresses.NATcanhelporganizationsmergemultiplenetworkstogetherandenhancenetworksecurity by helping to prevent malicious activity initiated by outside hosts from entering the corporate network, improving the reliability of local systems by stopping worms, and augments privacy by discouraging scans.

Within server farm environments N-Series can help to increase reliability andperformanceviatheimplementationofLoadSharingNetworkAddressTranslation(LSNAT).BasedonRFC2391,LSNATusesanumber of load sharing algorithms to transparently offload network load on a single server and distributes the load across a pool of servers.

N-Series also supports a comprehensive portfolio of port protection capabilities,suchasSPANguardandMACLockwhichdetectunauthorizedbridgesinthenetworkandrestrictaMACaddresstoaspecificport.OtherportprotectionfeaturesincludeLinkFlap,BroadcastSuppression,andSpanningTreeLoopprotectionwhichprotectsagainstmis-configuration and protocol failure.

From the Edge to the CoreToday’s enterprise networking customers demand highly reliable, feature-rich networking devices to fulfill their requirements across all layers of thenetwork,providingthescalability,returnoninvestment(ROI),andsecurityrequiredofa21stcenturybusinessenvironment.

Enterasys N-Series switches provide industry-leading, high-performance distributed switching for enterprise networks, providing customers with the scalability, performance, and application control to meet the growing needsoftoday’senterprises.BuiltontheawardwinningnTERAASICarchitecture, N-Series solutions provide high-performance, feature-rich, andhighlyscalable10/100,10/100/1000,Gigabit,and10GigabitEthernet connectivity. This allows them to scale from the desktop right

to the heart of the network core where they are well positioned to meet emerging high-bandwidth requirements for core routing implementations.

High-performance,distributedcomputingincreasesthedemandforsecure campus networks, at the same time business-critical systems and services are becoming increasingly dependant upon enterprise backbone infrastructures. N-Series solutions have the capacity, scalability, and QoSfunctionalityrequiredtodealwiththesenewdemands.Architectedtoensurenosinglepointoffailurewithindustry-leadingN+6high-availability,N-SeriesutilizingDiamondDFE’saretheperfectsolutionforcore routing and secure data center applications.

Atthedistributionlayer,PlatinumDFEsdelivergranular,end-to-endvisibility and control over individual users, services, and applications, as well as firewall-like security on every port for downstream devices through

Deployment Scenarios

multi-user,multi-methodauthentication,authorization,andaudit.Enterasys N-Series flow switches:

• Ensureonlytherightusersareaccessingtherightinformationfromthe right place at the right time

• Discover,classify,andprioritizevoiceandvideotrafficdistinctlyfromdatatrafficeventhoughasingleportmayhave1,000downstreamusers

N-Series can also be positioned at the edge of the network enabling user/devicelevelconnectivity.Highdensity10/100/1000connectivityand network access control functionality prevents the spread of worms orvirusesthroughoutanetwork,protectinguserswithinaVLANorworkgroup through quarantine and isolation of individual conversations. AdditionallystandardsbasedPoEsupportforIPtelephonyservicesandapplications ensure support for convergence applications.

Switching / VLAN Services•802.1pPriority •802.1QVLANs •802.1DMACBridges •802.1wRapid-reconvergenceofSpanningTree •802.1sMultipleSpanningTree •802.3Ethernet •802.3abGigabitEthernet(copper) •802.3uFastEthernet •802.3adLinkAggregation •802.3aeGigabitEthernet •802.3az10-GigabitEthernet •802.3xFlowControl •802.3zGigabitEthernet(fiber) •IPMulticast(IGMPsupportv1,v2,perVLANquerieroffload) •JumboPacketwithMTUDiscoverySupportforGigabit •LinkFlapDetection •DynamicEgress(AutomatedVLANPortConfiguration) •GenericVLANRegistrationProtocol(GVRP)

IP Routing•RFC1812GeneralRouting •RFC792ICMP •RFC1256ICMPRouterDiscoveryProtocol •RFC826ARP •RFC1027ProxyARP •StaticRoutes •RFC1058RIPv1 •RFC1723RIPv2withEqualCostMultipathLoadBalancing •RFC1812RIPRequirements •RFC1519CIDR •RFC2338VirtualRouterRedundancyProtocol(VRRP) •StandardACLs •DHCPServerRFC1541/RelayRFC2131

Extended IP Routing•RFC1583/RFC2328OSPFv2 •RFC1587OSPFv2NSSA •RFC1745OSPFInteractions •RFC1746OSPFInteractions •RFC1765OSPFDatabaseOverflow •RFC2154OSPFwithDigitalSignatures(Password&MD5) •OSPFwithMultipathSupport •OSPFPassiveInterfaces

•RFC2391LoadSharingusingNetworkAddressTranslation •ExtendedACLs •PolicyBasedRouting •RFC1112IGMP •RFC2236IGMPv2 •DVMRPv3-10 •RFC2361ProtocolIndependentMulticast-SparseMode

Network Security and Policy Management•802.1Xportbasedauthentication •Web-basedauthentication(PWA+) •MAC-basedauthentication •ConvergenceEndpointDiscoverywithDynamicPolicyMapping

(SiemensHFA,CiscoVoIP,H.323andSIP,LLDP-MED)•Multipleauthenticationtypesperportsimultaneously(802.1x,

MAC,PWA+)•MultipleauthenticatedUsersperportwithUniquePoliciesperUser/

endsystem(VLANassociationindependent)•RFC3580IEEE802.1RADIUSUsageGuidelines,withVLAN-to-Policy

Mapping&VLANassignmentviaauthentication•WormSuppression(FlowSet-UpThrottling)•BroadcastSuppression•ARPStormPrevention•MAC-to-PortLocking•SpanGuard(SpanningTreeProtection)•StatefulIntrusionDetectionSystemLoadBalancing•StatefulIntrusionPreventionSystemandFirewallLoadBalancing•BehavioralAnomalyDetection/FlowCollector(non-sampledNetflow

version5andversion9)•StaticMulticastGroupProvisioning•MulticastGroup,Sender,andReceiverPolicyControl•VLANTAGOverwrite

Class of Service•StrictPriorityQueuing•WeightedFairQueuingwithQueueBandwidthshaping•4/16TransmitQueuesperport(1000BaseXSFP)•4TransmitQueuesperport(10/100/1000)•16TransmitQueuesperport(10-GigabitEthernet)•Upto1024RateLimiters•PacketcountorBandwidth-basedRateLimiters.•IPToS/DSCPMarking/Remarking•802.1DPriority-to-TransmitQueueMapping

Standards and Protocols

Management, Control, and Analysis•SNMPv1/v2c/v3•Web-basedManagementInterface•IndustryCommonCommandLineInterface•MultipleSoftwareImageSupportwithRevisionRollBack•Multi-configurationFileSupport•Editabletext-basedConfigurationFile•COMPortBootPromandImageDownloadviaZMODEM•TelnetServerandClient•SecureShell(SSHv2)•CabletronDiscoveryProtocol•CiscoDiscoveryProtocolv1/v2•IEEE802.1ABLLDP,TIA/ANSI1057LLDP-MED•Syslog•FTPClient•SimpleNetworkTimeProtocol(SNTP)•Netflowversion5andversion9•RFC3580VLANAuthorization•RFC2865RADIUS•RFC2866RADIUS Accounting•TACACS+forManagementAccessControl•ManagementVLAN•16Many-to-Oneport,One-to-ManyPorts,VLANMirrorSessions(64

whenDFEdeployedwithanN1/NSAChassis)

IETF and IEEE MIB Support•RFC1213&RFC2011IP-MIB•RFC1493BridgeMIB•RFC1659RS-232MIB•RFC1724RIPv2MIB•RFC1850OSPFMIB•RFC2012TCPMIB•RFC2013UDPMIB•RFC2096IPForwardingTableMIB•RFC2276SNMP-CommunityMIB•RFC2578SNMPv2SMI•RFC2579SNMPv2-TC•RFC2613SMONMIB•RFC2674802.1p/QMIB•RFC2737EntityMIB•RFC2787VRRPMIB•RFC2819RMONMIB(Groups1-9)•RFC2863IFMIB•RFC2864IFInvertedStackMIB•RFC2922PhysicalTopologyMIB•RFC3273HCRMONMIB•RFC3291INETAddressMIB•RFC3411SNMPFrameworkMIB

•RFC3412SNMP-MPDMIB•RFC3413SNMPv3Applications•RFC3414SNMPUser-BasedSMMIB•RFC3415SNMPView-BasedACMMIB•RFC3417SNMPv2-TM•RFC3418SNMPv2MIB•RFC3621PowerEthernetMIB•RFC3635EtherLikeMIB•RFC3636MAUMIB•IEEE802.3LAGMIB•IEEE802.1PAEMIB•RSTPMIB•USMTargetTagMIB•UBridgeMIB•Draft-ietf-idmr-dvmrp-v3-10MIB•Draft-ietf-pim-sm-v2-new-09MIB•SNMP-REARCHMIB•IANA-ADDRESS-FAMILY-NUMBERSMIB

Private MIBs•Ct-broadcastMIB•Ctron-CDPMIB•Ctron-ChassisMIB•Ctron-igmpMIB•Ctron-q-bridge-mib-extMIB•Ctron-rate-policyingMIB•Ctron-tx-queue-arbitrationMIB•Ctron-aliasMIB•Cisco-TCMIB•Cisco-CDPMIB•Cisco-netflowMIB•Enterasys-configuration-managementMIB•Enterasys-MAC-lockingMIB•Enterasys-convergence-endpointMIB•Enterasys-notification-authorizationMIB•Enterasys-netfowMIB•Enterasys-license-keyMIB•Enterasys-aaa-policyMIB•Enterasys-class-of-serviceMIB•Enterasys-multi-authMIB•Enterasys-mac-authenticationMIB•Enterasys-pwaMIB•Enterasys-upn-tcMIB•Enterasys-policy-profileMIB•Enterasys-flow-limitingMIB

Please refer to DFE release notes for a complete list of supported MIBs

Standards and Protocols (cont.)

DDoS Attack ProtectionTested Against

•TCP/UDPPortScan •ChristmasTreeAttack •FraggleAttack •Fragmented&LargeICMP •ICMPFlood •InvalidICMPAttacks •ICMPRe-DirectAttack •LANd

•TCPSynFinAttack •TCPSynFlood •TearDropAttack •UDPPortFlood •InvalidUDPAttacks •InvalidIGMPAttacks •CiscoGlobalExploiter •ShadowcodeTTLAttack •NTPDoS •OpenTCPSessionAttacks •FloodTCPSession

Dimensions

NSA:8.81cm(3.48”)Hx144.46cm(17.62”)Wx51.92cm(20.44”)D

N1:8.81cm(3.48”)Hx144.46cm(17.62”)Wx51.92cm (20.44”)D

N3:35.56cm(14”)Hx49.53cm(19.5”)Wx44.45cm(17.5”)D

N5:58.67cm(23.1”)Hx44.45cm(17.5”)Wx47.5cm(18.7”)D

N7:77.47cm(30.5”)Hx36.83cm(14.5”)Wx44.04cm(17.34”)D

PoweroverEthernetPowerShelf:12.9cm(5.12”)Hx44.6cm(17.56”)Wx39.73cm(15.7”)D

Weight

NSA:6.36kg(14lbs)N1:6.36kg(14lbs)N3:19.1kg(42lbs)N5:27.2kg(60lbs)N7:23.6kg(52lbs)PoweroverEthernetPowerShelf:8.2kg(18lbs)

Rack Mounting

19”

Rack Unit HeightNSA:2N1:2N3:8N5:14N7:18PoweroverEthernetPowerShelf:3

Power Supply Redundancy

1+1

Power Supply Wattage

NSA:250wattsmaximumN1:250wattsmaximumN3:863wattsmaximumN5:1,200wattspersupplyN7:1,600wattspersupply

Power over Ethernet Power Shelf

N1,N3,andN7:ExternalviaN-POEN5:InternalPoEPowerSupply:1,200wattspersupplyMaximumPoEPower:4,800watts(4x1,200watts)

Input Frequency

Autoranging:50to60Hz

Input Voltage Range

Autoranging:100to125Vac,200to240Vac

Input Current

NSA:120V3.6Amps;240V1.6Amps

N1:120V3.6Amps;240V1.6Amps




N7:DualInput:120V12.0Amps;240V6.0Amps

Minimum Power Supplies

One

Standards and Protocols (cont.)

Specifications

Physical Specifications

Environmental Specifications

Operating Temperature

5°Cto+40°C(41°Fto104°F)

Storage Temperature

-30°Cto73°C(-22°Fto164°F)

Operating Humidity

5%–90%RH,non-condensing

Agency and Standards Specifications

Safety

UL60950,CSA60950,EN60950,EN60825,andIEC60950

Electromagnetic Compatibility

47CFRParts2and15,CSAC108.8,EN55022,EN55024,EN61000-3-2,EN61000-3-3,AS/NZSCISPR22,andVCCIV-3

MTBF (Calculated) Systems

NSA:>102,028hoursN1:>119,463hoursN3:>792,909hoursN5:>357,927hoursN7:>404,872hours

Ordering InformationPart Number Description

NSA

2G4072-52 NStandaloneserieswith48port10/100/1000Base-TXportsviaRJ45and41000Base-Xportsviamini-GBIC.Includesredundantinternalpower supplies.

N1

7C111 N1single-slotchassisincludingredundantACpowersuppliesandfans

2G4082-25-SYS N1systembundleincludes24port10/100/100andNetworkExpansionModuleslot

2G4082-25-SYS-U N1systembundleincludes24port10/100/100and6portMiniGBICNetworkExpansionModule

N3

7C103 N3Chassisandfantray

7C203-1 N3863-WattACpowersupply

7C403 FanunitforN3(spare)

N3-System N3systembundleincludingchassis,fantray,andonechassispowersupply(NorthAmericaonly)

N3-System-R N3systembundleincludingchassis,fantray,andtwochassispowersupplies(NorthAmericaonly)

N5

7C105-P N5ChassisandfantraywithintegratedPoEshelf

7C205-1 N51200-WattACpowersupply

7C405 FanunitforN5(spare)



N7

7C107 N7Chassisandfantray

6C207-3 N7/E71600-WattACpowersupplyincludestwo15Amppoweroutlets

6C407 FanunitforN7andE7(spare)



Power over Ethernet

N-POE PoweroverEthernetpowershelf(supportsfour1200-Wattpowersupplies)

N-POE-1200W 1200WattPoweroverEthernetpowersupplyforN5andN-POE

DFE-POE-CBL-2M N-POEtoDFEPoweroverEthernetcable—2Meters

Formoreinformation,callEnterasysNetworkstollfreeat1-877-801-7082, or+1-978-684-1000andvisitusontheWebatenterasys.com

Contact Us

WarrantyThe Enterasys N-Series comes with a one year hardware warranty. Forfullwarrantytermsandconditionspleasegoto

http://www.enterasys.com/support/warranty.aspx.

Service and Support

Enterasys Networks provides comprehensive service offerings that range

fromProfessionalServicestodesign,deployandoptimizecustomer

networks,customizedtechnicaltraining,toserviceandsupporttailored

to individual customer needs. Please contact your Enterasys account

executiveformoreinformationaboutEnterasysServiceandSupport.

Additional Information

ForadditionalinformationonEnterasysN-Seriesvisit http://www.enterasys.com/products/switching/.

Notes

1. Please refer to DFE data sheets for information regarding connectivity modules 2. N1, N3, N5, and N7 chassis’ do not support 1st, 2nd, and 3rd generation modules 3. Basic EOS routing is included with each DFE; EOS supports static routing and RIP 4. Only one advanced routing license is required per chassis (N1,N3,N5,N7) 5. Advanced routing license included with Diamond DFEs 6. N-EOS-L3 includes support for OSPF, DVMRP and PIM-SM

Ordering Information (cont.)Part Number Description

Operating Software

N-EOS-L3 EnterasysOperatingSystem(EOS)Layer3routingandadvancedfeaturepackageforN-Series

N-EOS-PPC Enterasys Operating System (EOS) Platinum DFE port capacity increase key

N-EOS-PUC Enterasys Operating System (EOS) Platinum/Diamond extra user capacity activation key

N-EOS-RED Enterasys Operating System (EOS) 1+1 high availability upgrade for Gold DFEs

© 2009 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information.

03/09

PatentedInnovation

Delivering on our promises. On-time. On-budget.

DATA CENTER SOLUTIONS

For More Information:(866) [email protected]

New For More Information: N-Series DATA CENTER SOLUTIONS N-Series... · 2016. 7. 19. ·...

Documents

Transcript of New For More Information: N-Series DATA CENTER SOLUTIONS N-Series... · 2016. 7. 19. ·...